“Coding agents are superhuman at finding vulnerabilities,” Aráoz wrote. “Smart contract security is too asymmetric: defenders need to fix every bug while attackers need just one exploit to steal funds” .
This is not a bug that a better audit can fix. It is a structural feature of how AI-assisted attacks now work. Traditional defenses — open-source transparency, multiple independent audits, formal verification — were designed for an era when human attackers faced human defenders on roughly equal footing. AI changes that calculus entirely .
Aráoz’s warning did not come out of nowhere. April 2026 saw a cascade of attacks that collectively drained between $630 million and $647 million from DeFi protocols across more than 25 separate incidents — the highest monthly total since February 2025, when losses hit $1.47 billion .
Drift Protocol — $285 million (April 1)
The month opened with a sophisticated social engineering campaign attributed to the North Korean Lazarus Group. Attackers spent roughly six months cultivating trust with Drift Security Council members, eventually tricking them into pre-signing transactions that granted privileged access. Once inside, the attackers deposited a fake token as collateral and drained approximately $285 million from the Solana-based DEX — in about 10 seconds .
This was not a smart contract bug. It was a human compromise of a governance structure.
KelpDAO — $293 million (April 18)
The largest DeFi exploit of 2026 struck KelpDAO’s LayerZero cross-chain bridge. An attacker minted 116,500 rsETH — worth roughly $293 million — and used the tokens as collateral to borrow real ETH, which was then moved through THORChain . Chainalysis later determined the exploit exposed off-chain verification weaknesses rather than a conventional smart contract failure
.
Within 48 hours, panicked users triggered a cascade of withdrawals that erased billions from DeFi TVL. Aave, the largest lending protocol, immediately froze its rsETH markets across multiple versions .
Wasabi — admin key compromise (April)
A third major incident in April targeted Wasabi, involving a compromised admin key that triggered a domino effect across the protocol. Together with Drift and KelpDAO, these three attacks represented three distinctly different categories of “non-code failure” — social engineering, off-chain verification weaknesses, and infrastructure compromise .
Security analysts noted that the vulnerability classes causing losses in 2026 — access control failures, proxy upgradeability exploits, and cross-chain bridge attacks — are attack vectors that barely existed in 2020 .
The numbers paint a stark picture. DeFi’s total value locked has fallen more than 50% from its October 2025 peak of approximately $170 billion to roughly $38–$43 billion by mid-May 2026 — the worst contraction since the FTX crash . One tracker put TVL at $82.08 billion in late May, still reflecting both asset price compression and genuine capital withdrawals
.
Aráoz’s May 26 warning added a fresh wave of outflows from nervous retail and institutional users who had been clinging to the hope that established protocols remained safe. The reality was that even protocols OpenZeppelin had helped secure since 2015 — Aave, MakerDAO, and Compound — were now flagged as unsafe by the very security expert who knew their code best .
In the face of an existential crisis, the DeFi industry mounted one of the most coordinated responses in its history.
The DeFi United rescue fund. Led by Aave, more than 30 protocols and firms — including Mantle, Consensys, Lido, EtherFi, and Compound — pledged over $300 million in Ether to cover bad debt and restore rsETH backing after the KelpDAO exploit . The initiative gathered commitments exceeding 43,500 ETH, with Mantle alone proposing to lend up to 30,000 ETH to the Aave DAO
. Standard Chartered publicly praised the effort as evidence of ecosystem maturation
.
Arbitrum’s unprecedented intervention. The Arbitrum Security Council made the controversial decision to freeze and move approximately 30,766 ETH of traceable proceeds from the KelpDAO attack — without the attackers’ private keys. This marked one of the most aggressive on-chain interventions by a Layer 2 network .
Emergency protocol halts. KelpDAO paused all contracts across mainnet and L2s within hours of detecting the breach. Aave froze its rsETH markets on V3 and V4 to prevent cascading liquidations .
Regulatory pressure mounts. EU financial regulators began drafting emergency licensing requirements for DeFi protocols, while the U.S. Treasury signaled increased oversight of protocols handling more than $50 million in user assets .
Drift Protocol recovery. Tether announced a $127.5 million commitment to fund a revenue-linked recovery pool for Drift users, representing one of the largest stablecoin-issuer bailouts in DeFi history .
Despite these extraordinary efforts, the core argument remains unrebutted. Aráoz’s warning is not about a temporary spike in exploits or a few protocols that need better audits. It is a structural diagnosis: AI-powered attackers have permanently altered the security equation, and the industry has not yet demonstrated a comparable defensive breakthrough .
The protocols that survived April 2026 are now operating in a world where social engineering can drain $285 million in seconds, where bridge verifiers can be spoofed to mint $293 million in fake collateral, and where AI agents can scan for new vulnerabilities faster than any human audit team can patch them. Until the asymmetry is addressed at a fundamental level — through architecture, governance redesign, and AI-powered defense — Aráoz’s warning will stand.